Monthly Archives: July 2014

Google are not just content with being the world’s major Internet search engine, they also plan to get into the security business, the internet security business. Last Tuesday Google announced it was forming a crack team of top security researchers known as Project Zero.

According to Google researcher Chris Evans the aim of Project Zero “is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically minded security researchers and contributing 100 percent of their time toward improving security across the Internet. We believe that most security researchers do what they do because they love what they do. What we offer that we think is new is a place to do what you love-but in the open and without distraction. We’ll also be looking at ways to involve the wider community, such as extensions of our popular reward initiatives and guest blog posts.”

Evans also stated “We’ve invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.”

You may be wondering how this will work and what the security implications maybe. Evans explained this “We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”

What this actually means to us the average internet users is that people will be able to use the internet without having to worry that someone or even some country can exploit software bugs to infect a computer, steal secrets, or monitor communications. Google are also aiming to do what they can to tackle this problem. A large proportion of Internet users are also Google customers because they use Google products, so they won’t be won’t just be targeting bugs and vulnerabilities found in Google’s own software. They will also target anything that could threaten Internet users and aim to get any bugs found fixed in a reasonable time frame.

Google have at times been painted as the bad guys because they have a huge dominance over the Internet Landscape, but they should be lauded for this initiative. Google discovered the Heartbleed bug 3 months ago and their efforts in stopping a similar scenario happening again must be welcomed. With the huge wealth of talent, experience and equipment that Google have at their disposal, Online Internet security has just improved for the better. For more information and to keep up to date on their progress you can visit Project Zero’s blog.